Using pirated software? Swashbuckling with risk!

(2 votes, average: 3.00 out of 5)You need to be a registered member to rate this post.

We are often warned about the security risks when using pirated software. While some believe the ‘piracy argument’ is pushed by vendors to scare people into buying software rather than pirating it, this statement is not incorrect.

How do cracks work?

When hackers crack software, they modify the program’s code. Depending on the copy protection mechanics, the modification required can be as simple as changing one byte to something as complex as rewriting chunks of code. Before any of this can be done, a hacker will have to reverse engineer the software and understand how the copy protection mechanism works. This requires skill – more skill than that required to modify the software in order to defeat said copy protection. Why is this important? Someone who is capable of cracking software is probably also able to modify it in any way they see fit. This is where security risks come into play.

Crack distribution

Pirated software can be obtained in a number of way. Programs can download software that has already been cracked or they can download a small program that will crack the original unmodified software for them. Both pose security risks. The pre-cracked software could easily have been modified, not only to defeat inbuilt copy protection, but to cause harm to any organization where it is installed. Modifications, like adding a backdoor, could allow access to the company’s confidential data which is then stolen or leaked to others. In a similar manner, a crack applied to an original software package will rewrite part of the program’s code. These rewrites could change software in more ways than required to defeat its copy protection mechanism and may insert other mechanisms that put systems at risk – just like pre-cracked software could.

No technical expertise required

You do not need a lot of technical expertise to modify software and add malicious components to it. A few years ago, an underground outfit called Rat Systems released a Trojan kit system for as little as $20. Anyone who bought this software could modify any program they wanted to provide them with a backdoor to their intended victims’ machines. These automated tools that make Trojans out of legitimate software with little to no effort are easily detected by antivirus software Unfortunately, this isn’t the case for software that’s manually modified by hackers.

Manually modified software

Although using off the shelf tools to manipulate software will most likely make the malware easily detectable by antivirus tools, this is not the case for custom modifications. If someone modifies Microsoft Office, for example, to send a copy via email to a disposable email address each time a document is opened – an antivirus solution will not detect this as suspicious activity. The user won’t notice anything suspicious because from their point of view everything would be working as expected. This type of malware will probably run undetected for the software’s shelf life.

Unreliable sources are a risk

Cracked software is not the only headache for an administrator. Downloading legal software from unofficial sources is a risk as well. There is nothing to prevent a cybercriminal from copying a free software package and modifying it to spy on users and then offer it back for download. That’s why it is always a good idea to download software from official vendors and never from a random link provided by a search engine.

Staying safe

A good security policy should clearly state the procedures users need to follow to obtain and install new software. It is important to highlight the reasons why illicit software is not allowed. It is equally important for users to be careful even when downloading software they are authorized to use. When a policy is explained to users, they are more likely to obey them, and take an informed decision the next time they need to download and install any software.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

About the Author: Emmanuel Carabott

Emmanuel Carabott (CISSP) Certified Information Systems Security Professional has been working in the IT field for the past 18 years. He has joined GFI in 1999 where he currently heads the security research team.

Emmanuel is also a contributor to the GFI Blog where he regularly posts articles on various topics of interest to sysadmins and other IT professions focusing primarily on the area of information security.